Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
My company is trying to do Dynamic RLS for PowerBI Embedded on behalf of our customers, but I am running into some major roadblocks while trying to secure the data. The requirements/steps of what we are doing are:
All approaches to RLS I have seen thus far require manual entry of roles/members either into a PowerBI Desktop, PowerBI web, and/or a static table in PowerBI Desktop. Are there any approaches that will work? The only option I have seen so far is attempting to embed the key-value-pairs into the embed token's username field (which is limited to 256 ASCII chars only) and somehow parse it using a DAX expression.
Hey @Anonymous ,
I consider this requirement not possible, due to this simple fact: RLS is based on roles with rules assigned.
Theses rules are an essential part of the data model and can not be changed during querying.
I thinks the only viable approach is to create something called "JSON script filters", here you will find some more description: https://docs.microsoft.com/en-us/power-bi/developer/embedded/embedded-row-level-security#using-rls-vs-javascript-filters
Of course this is something that I would call: security by obscurity.
As this architecture is a more complex architecture, meaning there are three parties involved I would consider this approach:
voila a new role is created.
I have to admit, that I'm currently not sure if the data model has to be re-processed if a new role is added, my assumption: No!
Regards,
Tom
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
16 | |
2 | |
2 | |
1 | |
1 |
User | Count |
---|---|
21 | |
2 | |
2 | |
2 | |
2 |